Hands-on Cybersecurity Studies: Multi-Perspective Analysis of the WannaCry Ransomware

  • Magazine Article
  • 19AERP08_10
Published 2019-08-01by SAE International in United States
Sector:
Language:
  • English

In-depth analysis of malware provides strategy to defend against future attacks.

Army Research Laboratory, White Sands Missile Range, New Mexico

Ransomware is malware that obstructs a user from accessing digital assets through various mechanisms. These assets are held hostage and inaccessible until the user pays a ransom. In most cases, this is accomplished using encryption where, once the malicious program executes, it will target and encrypt certain files and will release the decryption key at the time of payment. Some ransomware instances target only certain common user-generated files such as media and documents. In this case, system files and others required for the operating system to function correctly (user authentication, process execution, etc.) are unaffected. Others encrypt much more and seek to lock out entire systems.

The spread of ransomware is accomplished through various channels including business applications, USB drives, websites, and especially email. From 2016-2018, the number of emails carrying ransomware increased by 6,000%.